npm installer pulls 41 transitive dependencies via axios — consider bundled binary approach #2360

@zeroows

Problem

The npm installer generated by cargo-dist uses a JS downloader approach that brings in 5 direct runtime dependencies:

This results in 41 packages installed for what is fundamentally a single static binary. For comparison, tools like esbuild, swc, and biome use platform-specific optional dependencies (@esbuild/linux-x64, etc.) that contain the binary directly — zero runtime JS dependencies, no postinstall download step.

$ npm install @silafood/runsteps@0.1.0
41 packages installed

Suggestion

Consider offering a bundled binary strategy (as described in #450) where:

  1. Platform-specific packages (@scope/tool-linux-x64, @scope/tool-darwin-arm64, etc.) each contain the prebuilt binary
  2. The root package lists them as optionalDependencies
  3. npm/bun/pnpm automatically picks the right one for the platform

This eliminates:

  • All 5 runtime dependencies (axios, detect-libc, rimraf, console.table, axios-proxy-builder)
  • The postinstall download step (binary is already in the package)
  • Network failures during install (no GitHub fetch at install time)
  • The 41-package dependency tree

Current workaround

Using the shell installer (curl | sh) or Homebrew instead of npm, since those have zero dependencies.

Environment

  • cargo-dist 0.31.0
  • installers = ["shell", "npm", "homebrew"]
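The three-step layout from the Suggestion section, sketched as an added example; it is not cargo-dist's code and not part of the original issue. The package name `@scope/tool`, the `TARGETS` list, the `bin/launcher.js` path and all helper function names are hypothetical, and the resolver is passed in so that a real launcher could supply `require.resolve`.

```javascript
// Hypothetical target list; a real project lists the triples it actually builds.
const TARGETS = [
  { os: "linux", cpu: "x64" },
  { os: "linux", cpu: "arm64" },
  { os: "darwin", cpu: "x64" },
  { os: "darwin", cpu: "arm64" },
  { os: "win32", cpu: "x64" },
];

// Step 1: one package per platform, holding only the prebuilt binary.
// The "os" and "cpu" fields make npm skip packages that do not match the host.
function platformManifest(rootName, version, { os, cpu }) {
  const exe = os === "win32" ? "tool.exe" : "tool";
  return { name: `${rootName}-${os}-${cpu}`, version, os: [os], cpu: [cpu], files: [`bin/${exe}`] };
}

// Step 2: the root package pins every platform package at the exact same
// version as an optional dependency. It has no "dependencies" and no
// "scripts.postinstall", so nothing is downloaded or executed at install time.
function rootManifest(rootName, version, targets = TARGETS) {
  const optionalDependencies = {};
  for (const t of targets) {
    optionalDependencies[platformManifest(rootName, version, t).name] = version;
  }
  return { name: rootName, version, bin: { tool: "bin/launcher.js" }, optionalDependencies };
}

// Step 3, runtime side: the launcher finds whichever platform package the
// package manager installed and returns the path of the binary inside it.
function locateBinary(rootName, platform, arch, resolve) {
  const target = TARGETS.find((t) => t.os === platform && t.cpu === arch);
  if (!target) throw new Error(`unsupported platform: ${platform}-${arch}`);
  const m = platformManifest(rootName, "0.0.0", target);
  try {
    return resolve(`${m.name}/${m.files[0]}`);
  } catch (err) {
    // Seen when optional dependencies were omitted (npm --omit=optional) or
    // node_modules was copied over from a different platform.
    throw new Error(`${m.name} is not installed; reinstall without omitting optional dependencies`);
  }
}
```

Because the binaries arrive as ordinary registry tarballs, the lockfile's integrity hashes cover them in the same way as any other dependency.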
